Netgate Discussion Forum
[SOLVED] Can't access LDAP through IPsec

    IPsec
a.lefebvre

Hello,

I'm kinda new to pfSense and I didn't find any information on that, so I decided to open a subject here:

I have two pfSense boxes connected with IPsec successfully. Each of them shares some LAN networks.

I want my pfSense2 to be able to connect to an LDAP server on the LAN of pfSense1, but it seems I can't reach it.

If I try to make a ping from pfSense2 to the LDAP server, I can't access it with the source address as Default. If I use the LAN card of my pfSense2 as the source IP, it's working.

So I'm guessing pfSense uses a wrong IP as default (maybe the WAN address?) when it tries to connect to the LDAP server. How can I change this behavior?

I tried a NAT rule but it's not working either. (The LDAP IP is within the 172.20.0.0/16 subnet.)

kapara

What about Windows firewall?

a.lefebvre

The firewall of the server is disabled; nothing is blocking on the server side, I guess.

The issue, I think, is how pfSense chooses its IP to access the server through IPsec. I already had a similar issue with other firewalls; they gave a command to set the IP the firewall should use to connect to a remote LDAP server. Is pfSense able to do the same thing?

Regards,

Alexandre.

kapara

For testing purposes, what if you make all values in the IPsec rule *?

a.lefebvre

This is actually * (at least on the source).

I can't see any traffic from the source pfSense on the remote pfSense.

It seems like the source pfSense isn't sending the traffic over the IPsec tunnel at all when the traffic originates from the default interface on the pfSense. Computers behind the source pfSense can't properly access the remote network on the remote pfSense.

I'm able to ping the LDAP server when I specify the LAN interface from the pfSense, but I can't when I'm using the default one; see:

DEFAULT: [ping screenshot not included in this extract]

LAN interface: [ping screenshot not included in this extract]

jimp (Rebel Alliance Developer, Netgate)

https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

Same idea, just the reverse direction. You might also be able to work around it with a P2 for Firewall WAN IP <-> IP of LDAP server.

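The mechanism behind jimp's answer, modelled as an added Python example (this is not code from the thread, from pfSense or from the linked doc page): a policy-based IPsec tunnel only encrypts packets whose (source, destination) pair is covered by a phase 2 entry. A packet the firewall generates itself gets its source address from the route it would take to the destination, and since the remote LAN is not in the routing table, that is the default route and the WAN address. The WAN address is not inside the LAN-to-LAN P2, so the packet leaves in the clear and never reaches the far side. Picking the LAN interface as the ping source, or adding a WAN IP/32 <-> LDAP IP/32 P2 as suggested, makes the lookup match. All addresses below are constructed for the example (pfSense2 LAN 192.168.2.1/24, WAN 203.0.113.2, LDAP server 172.20.0.10); the thread only states that the LDAP server lives in 172.20.0.0/16.

```python
"""Model of why firewall-initiated traffic misses a policy-based IPsec tunnel.

Added illustration, not pfSense code. Addresses are constructed for the
example: pfSense2 has LAN 192.168.2.1/24 and WAN 203.0.113.2; the LDAP
server behind pfSense1 is 172.20.0.10.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    iface: str


@dataclass(frozen=True)
class Phase2:
    """One IPsec phase 2 entry: a packet is tunnelled only if its source is
    inside `local` and its destination is inside `remote`."""
    local: IPv4Network
    remote: IPv4Network


# Constructed interface addresses and routing table of pfSense2.
IFACE_ADDR = {"lan": "192.168.2.1", "wan": "203.0.113.2"}
ROUTES = [
    Route(ip_network("192.168.2.0/24"), "lan"),
    Route(ip_network("0.0.0.0/0"), "wan"),  # default route
]


def pick_source(dst: str) -> str:
    """Source address the OS picks for a locally generated packet ("Default"
    in Diagnostics > Ping): longest-prefix route lookup, then the address of
    the egress interface. The remote LAN has no route of its own, so it
    falls to the default route and gets the WAN address."""
    target = ip_address(dst)
    best = max(
        (r for r in ROUTES if target in r.prefix),
        key=lambda r: r.prefix.prefixlen,
    )
    return IFACE_ADDR[best.iface]


def matches_phase2(src: str, dst: str, phase2s: list[Phase2]) -> bool:
    """Security-policy lookup done before the packet leaves: only a
    (src, dst) pair covered by some P2 is encrypted and sent through the
    tunnel; anything else is forwarded in the clear along the normal route."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in p.local and d in p.remote for p in phase2s)


def diagnose(dst: str, phase2s: list[Phase2], source: str | None = None) -> dict:
    """Return the source address used and whether the packet is tunnelled.
    `source` mimics choosing a specific interface as the ping source."""
    src = source or pick_source(dst)
    return {"source": src, "via_ipsec": matches_phase2(src, dst, phase2s)}


LDAP = "172.20.0.10"  # constructed address inside the thread's 172.20.0.0/16

# The P2 from the thread: pfSense2 LAN <-> remote 172.20.0.0/16.
P2_LAN_ONLY = [Phase2(ip_network("192.168.2.0/24"), ip_network("172.20.0.0/16"))]

# jimp's workaround: an extra P2 for WAN IP/32 <-> LDAP server/32.
P2_WITH_HOST_ENTRY = P2_LAN_ONLY + [
    Phase2(ip_network("203.0.113.2/32"), ip_network("172.20.0.10/32"))
]

if __name__ == "__main__":
    print("default source, LAN-only P2:  ", diagnose(LDAP, P2_LAN_ONLY))
    print("LAN source, LAN-only P2:      ", diagnose(LDAP, P2_LAN_ONLY, source="192.168.2.1"))
    print("default source, with host P2: ", diagnose(LDAP, P2_WITH_HOST_ENTRY))
```

The first call reproduces the symptom (source 203.0.113.2, not tunnelled), the second reproduces the working ping from the LAN interface, and the third shows the host-to-host P2 making the default source match. The model also makes the limit of that workaround visible: the /32 entry covers only the one LDAP address, so any other host in 172.20.0.0/16 contacted by the firewall itself still misses the tunnel.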
a.lefebvre

This is totally what I needed.

It works perfectly.

:)

Thanks for your reply jimp.

© 2021 Rubicon Communications, LLC